The U.S. government has determined it must remain constantly engaged in cyberspace in response to the steps other countries and non-state actors are taking online.
Enemies are participating in economic espionage, theft of intellectual property and sowing distrust in society and American institutions, all of which take place below the threshold of armed conflict.
“A lot of the actions in cyberspace fall well below the threshold of use of force or anything like that. That’s our day-to-day life,” Army Brig. Gen. Jennifer Buckner, director of cyber within the Army’s G-3/5/7, told Fifth Domain in a November interview.
As such, U.S. Cyber Command has decided it needs a constant approach, a philosophy it has dubbed persistent engagement.
One top official believes the physical world is not analogous to the cyber world.
“That idea of persistent engagement, maintaining contact in order to shape the space, I think that realization of the operating environment ... [is] you really have to be engaged all of the time both offensively and defensively,” Buckner said.
Officials have also said persistent engagement involves persistent partnerships and persistent innovation.
As an example, Brig. Gen. Stephen Hager, deputy commander of operations for the cyber national mission force within U.S. Cyber Command, pointed to the public posting of malware the cyber national mission force discovers through operations.
Key Pentagon leaders assert nontraditional partnerships are critical in competing against top threats.
Hager said they “outed” the malware, posting it to an online forum for the cybersecurity community to identify where it came from, know what it is and if it’s being used maliciously in other areas as a means of blocking it. This is a slightly different way to “impose cost on an adversary,” Hager said.
Hager also noted that the mission in cyberspace might be enduring, much like the counterterrorism mission or general defense of the homeland. In other words, there is no immediate conclusion in sight.
“All we’re trying to do is go, ‘Hey there’s going to be a cost to doing this.’”
But he added that that despite expanded authorities, Cyber Command has not been provoking other nations wherever it wants around the world.
“We still have a number of checks and balances through the interagency and higher-level authorities above the military chain of command because we do operate within the legal confines that the U.S. government has put on us,” he said. “We’re not just a bunch of cowboys running out there and I can’t necessary say some of our adversaries follow those rules.”
Risk of escalation?
This approach is welcomed by many in the defense and national security community, but experts caution it may also ratchet up tensions.
“The case of China’s industrial espionage, none of that to me … individually rose above that level [of armed conflict], but there’s this interesting question around collectively did it?” Andrew Grotto, a researcher fellow at the Hoover Institution at Stanford University and former senior White House cybersecurity policy adviser, told reporters in October.
He added that while he doesn’t believe China’s industrial espionage rose above the level of armed conflict, that doesn’t mean the U.S. government shouldn’t care. He said that an inappropriate, and potentially escalatory, response would be to disable all the People’s Liberation Army’s computers.
Despite the malicious activity associated with Russia’s interference in the 2016 presidential election, collectively, the U.S. government decided those digital operations did not rise above the threshold of war.
However, Grotto said certain retaliatory measures against other nations could be subjectively perceived as rising above this threshold. “It’s a social construct. The definition [of war] is what we make of it,” he said.
For example, he said that China might view some kind of an attack on its so-called Great Firewall — the mechanism allowing China to sensor the internet for its citizens blocking many Western websites — as a major escalation.
Hager said a variety of factors go into crafting responses against actors. He explained there is an assessment of what that the risk could be to U.S. infrastructure or tools, the adversary’s infrastructure and tools, as well as the political ramifications.
While typically a nation doesn’t want to get caught performing foreign intelligence collection, Hager said this calculus might not be the same for a military organization such as Cyber Command, especially if leaders “want to demonstrate capability, will and intent to my adversary to deter them from getting to the kinetic fight.”
Part of the calculation might be that the United States wants a particular target to know that it is being retaliated against, Hager said.